6

CVE-2012-1057

Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper "flood control."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sean RobertsonForward Version6.x-1.0
   DrupalDrupal
Sean RobertsonForward Version6.x-1.1
   DrupalDrupal
Sean RobertsonForward Version6.x-1.2
   DrupalDrupal
Sean RobertsonForward Version6.x-1.3
   DrupalDrupal
Sean RobertsonForward Version6.x-1.4
   DrupalDrupal
Sean RobertsonForward Version6.x-1.5
   DrupalDrupal
Sean RobertsonForward Version6.x-1.6
   DrupalDrupal
Sean RobertsonForward Version6.x-1.7
   DrupalDrupal
Sean RobertsonForward Version6.x-1.8
   DrupalDrupal
Sean RobertsonForward Version6.x-1.9
   DrupalDrupal
Sean RobertsonForward Version6.x-1.10
   DrupalDrupal
Sean RobertsonForward Version6.x-1.11
   DrupalDrupal
Sean RobertsonForward Version6.x-1.12
   DrupalDrupal
Sean RobertsonForward Version6.x-1.13
   DrupalDrupal
Sean RobertsonForward Version6.x-1.14
   DrupalDrupal
Sean RobertsonForward Version6.x-1.15
   DrupalDrupal
Sean RobertsonForward Version6.x-1.16
   DrupalDrupal
Sean RobertsonForward Version6.x-1.17
   DrupalDrupal
Sean RobertsonForward Version6.x-1.18
   DrupalDrupal
Sean RobertsonForward Version6.x-1.19
   DrupalDrupal
Sean RobertsonForward Version6.x-1.20
   DrupalDrupal
Sean RobertsonForward Version6.x-1.x-dev
   DrupalDrupal
Sean RobertsonForward Version7.x-1.0
   DrupalDrupal
Sean RobertsonForward Version7.x-1.0 Updatealpha1
   DrupalDrupal
Sean RobertsonForward Version7.x-1.0 Updatealpha2
   DrupalDrupal
Sean RobertsonForward Version7.x-1.0 Updatealpha3
   DrupalDrupal
Sean RobertsonForward Version7.x-1.0 Updaterc1
   DrupalDrupal
Sean RobertsonForward Version7.x-1.0 Updaterc2
   DrupalDrupal
Sean RobertsonForward Version7.x-1.0 Updaterc3
   DrupalDrupal
Sean RobertsonForward Version7.x-1.0 Updaterc4
   DrupalDrupal
Sean RobertsonForward Version7.x-1.1
   DrupalDrupal
Sean RobertsonForward Version7.x-1.2
   DrupalDrupal
Sean RobertsonForward Version7.x-1.x-dev
   DrupalDrupal
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.62% 0.447
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6 6.8 6.4
AV:N/AC:M/Au:S/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://drupal.org/node/1423722
Patch
http://drupal.org/node/1425150
Patch
Vendor Advisory
http://osvdb.org/78817
http://secunia.com/advisories/47851
Vendor Advisory
http://www.securityfocus.com/bid/51826
http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3
https://exchange.xforce.ibmcloud.com/vulnerabilities/72922